Our policy is the standard. Lock everything down. Make a user request access to something. THen you can track who has what.
The forwarding of email to non corporate accounts is a little trickier. That goes into the whole email archive can of worms ;) Chris -----Original Message----- From: Brad Bemis [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 3:57 PM To: [EMAIL PROTECTED] Subject: ATTN Corporate Security Officers - E-Mail Usage Policies -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, I'd like to find out what other companies are doing from a[n effective] policy perspective to secure e-mail usage within the enterprise. I am most interested in policies relating to mail forwarding (corporate e-mails to non-corporate accounts), external account access (like checking your home account from work), and accessing free on-line mail services (like hotmail or yahoo) from the corporate network. I'd like to ratchet things down as tightly as possible while still allowing for the business needs of the organization to be served. Thank you for your time and attention, ========================================= Brad Bemis, CISSP, CISA, CBCP Information Security Specialist Airborne Express ========================================= Email Notice: This communication may contain sensitive information. If you are not the intended recipient, or believe that you have received this communication in error; do not print, copy, retransmit, disseminate, or otherwise use the information contained herein for any unauthorized purpose. Please alert the sender that you have received this message in error, and delete the copy that you received. -----BEGIN PGP SIGNATURE----- Version: PGP Freeware, Ver 6.5.8CKT - Build 8 Comment: KeyID: 0x691D248A Comment: Fingerprint: ECF3 F29A 65FD 3437 46FC FADF 54B9 6BD1 691D 248A iQA/AwUBPZtPqFS5a9FpHSSKEQKV3gCfd9uP7U/3KmuAt2RtI9rMjVpL6SEAoLup 2M7ezIrJ4E83M3H5Oyn57/cp =pBb1 -----END PGP SIGNATURE-----